7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.173 Low
EPSS
Percentile
96.1%
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:sql_server | microsoft sql server | eq | 7.0 |
microsoft:sql_server | microsoft sql server | eq | 2000 |
marc.info/?l=bugtraq&m=100891252317406&w=2
www.atstake.com/research/advisories/2001/a122001-1.txt
www.kb.cert.org/vuls/id/700575
www.securityfocus.com/bid/3733
docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
exchange.xforce.ibmcloud.com/vulnerabilities/7724
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83
More